lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:	Mon, 23 Feb 2009 16:37:02 +0900
From:	Toshiharu Harada <haradats@...data.co.jp>
To:	Pavel Machek <pavel@....cz>
CC:	Tetsuo Handa <penguin-kernel@...ove.SAKURA.ne.jp>,
	jmorris@...ei.org, takedakn@...data.co.jp,
	linux-security-module@...r.kernel.org,
	linux-kernel@...r.kernel.org, akpm@...ux-foundation.org
Subject: Re: [TOMOYO #15 0/8] TOMOYO Linux

Pavel Machek wrote:
> On Sun 2009-02-22 23:27:34, Tetsuo Handa wrote:
>> Pavel Machek wrote:
>>> On Thu 2009-02-12 16:34:16, James Morris wrote:
>>>> On Thu, 5 Feb 2009, Kentaro Takeda wrote:
>>>>
>>>>> TOMOYO Linux is a name-based MAC extension (LSM module) for the Linux kernel.
>>>>>
>>>> Applied to 
>>>> git://git.kernel.org/pub/scm/linux/kernel/git/jmorris/security-testing-2.6#next
>>>>
>>> Does that mean tomoyo is scheduled for 2.6.30?
>>>
>> TOMOYO is already in linux-next tree and ready to go into 2.6.30 .
> 
> Last time I looked it included script parser and some
> interpretter... Was that solved?
> 									Pavel

Are you talking about the interface between
userland and kernel regarding string data?

Linus once said in a Smack thread (http://lkml.org/lkml/2007/11/5/129) 
>> On Sun, Nov 04, 2007 at 12:28:48PM +0000, Pavel Machek wrote:
>> > Can we avoid string parsers in the kernel?
>> 
>> Ok, Could someone suggest a better idea please ?. 
>
> I personally think string parsers are *much* better than the alternatives 
> (which basically boil down to nasty binary interfaces)
>
>> I thought about packing the rules in a structure and sending
>> it over an ioctl() command. Is this applicable ?
>
> That's *MUCH* worse.
>
> Strings are nice. They aren't that complex, and as long as it's not a 
> performance-critical area, there are basically no downsides.
>
> Binary structures and ioctl's are *much* worse. They are totally 
> undebuggable with generic tools (think "echo" or "strace"), and they are a 
> total nightmare to parse across architectures and pointer sizes.
>
> So the rule should be: always use strings if at all possible and relevant.
> If the data is fundamentally binary, it shouldn't be re-coded to ascii
> (no real advantage), but if the data is "stringish", and there aren't
> big performance issues, then keep it as strings.

Admiring your concern, I would like to follow the above directions.

Best regards,
Toshiharu Harada

--
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@...r.kernel.org
More majordomo info at  http://vger.kernel.org/majordomo-info.html
Please read the FAQ at  http://www.tux.org/lkml/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ